dinsdag 11 mei 2010

ConfigMgr: AD Permissions for Domain Join Account

It's a good practise to use a service account for any sort of automated task, and this is no different with SCCM Operating System Deployment.

SCCM OSD has the capability of automatically adding a workstation to the domain during the Task Sequence, so the amount of work that needs to be done by hand is kept to a bare minimum. You use a service account in SCCM that has the permissions to add the computer to the needed OU, but what permissions do you need exactly?

Well, at a minimum you'll need the following permissions:

I hope this helps, I know I'll be back when I need it set again :)


Stefan Hazenbroek

  1. can you mention where to set these as when i look in AD users and computers and go tothe OU my computers are to go in and Delete control the list above is not shown as options ..

    note im 2008 R2

  2. Hi Mywebie,

    You need to choose Delegation of Control when you right-click on the OU. In there you can walk through the wizard and choose the permissions.